<!--#include virtual="includes/_header.htm" -->
<body class="page-cve-list ">
    <!--#include virtual="includes/_top.htm" -->
    <div class="content">
        <!--#include virtual="includes/_nav.htm" -->
        <div class="right">
    
    <h1>Apache Kafka Security Vulnerabilities</h1>
    
    <p>This page lists all security vulnerabilities fixed in released versions of Apache Kafka.</p>
    
    <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196">CVE-2018-17196</a>
    Authenticated clients with Write permission may bypass transaction/idempotent ACL validation</h2>
    <p>In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually
    craft a Produce request which bypasses transaction/idempotent ACL validation.
    Only authenticated clients with Write permission on the respective topics are
    able to exploit this vulnerability. Users should upgrade to 2.1.1 or later
    where this vulnerability has been fixed.</p>
    
    <table class="data-table">
    <tbody>
      <tr>
        <td>Versions affected</td>
        <td>0.11.0.0 to 2.1.0, 0.10.2.2</td>
      </tr>
      <tr>
        <td>Fixed versions</td>
        <td>2.1.1 and later</td>
      </tr>
      <tr>
        <td>Impact</td>
        <td>This issue could result in privilege escalation.</td>
      </tr>
      <tr>
        <td>Issue announced</td>
        <td>10 July 2019</td>
      </tr>
    </tbody>
    </table>
    <!--#include virtual="includes/_footer.htm" -->